There are currently a number of serious security vulnerabilities associated with buffer overflow attacks in most existing software. An attacker exploits these existing software vulnerabilities to gain root control of, or denial of use to, a target computer system. A buffer overflow attack relies on the lack of boundary checking in software languages and lack of programmer discipline that allows the interjection and execution of malicious code by an attacker. Buffer overflow exploits rely on corrupting the processing element (microprocessor or microcomputer) software stack so that the malicious code can be executed by the processing element, thereby giving the attacker control of the target computer. Buffer overflow attacks are the dominant mode of hacker attack for existing computer systems.
Normally, when a buffer overflow vulnerability is found, a software vendor will create software patches to fix the particular buffer overflow vulnerability. Applying software patches, however, is costly, time consuming, and ineffective overall, since it always happens after the vulnerability has been discovered and, most often, after it has already been exploited.
Buffer overflow attacks have the following characteristics:
    Very widespread vulnerability and dominant mode of attack for computer systems (e.g. well publicized distributed denial of service (DDoS) attacks on Yahoo, eBay and others);
    Attacker gains root control of a target computer system;
    Buffer overflows result from a lack of boundary checking and lack of programmer discipline that allows the interjection and execution of malicious code;
    Relies on corrupting the processor stack so that the malicious code can be executed, thereby giving the attacker control of the target computer.
How a buffer overflow attack works is described with reference to FIGS. 1a-1d. 
Referring to FIG. 1a, there is illustrated how a normal processing element execution occurs for a stack 10, with a stack pointer (SP) 12 pointing to the top of the used stack in an external memory for storing data 14. The stack is typically either a static random access memory (SRAM) or a dynamic random access memory (DRAM) that normally resides external to a processing element using it.
Referring to FIG. 1b, when a subroutine is called via a jump to subroutine command (JSR), the processor pushes the current program execution address onto the stack to be used as the return address 16 for when the subroutine has completed executing. The stack pointer 12 is incremented to point to the top of the used stack.
Referring to FIG. 1c, the called subroutine executes, gets any input/output variables it requests, and places these on the stack, as indicated at 18, again incrementing the stack pointer to point to the top of the used stack. The subroutine most often gets input/output variables by means of a string copy command [strcpy( )]. Once the subroutine has executed, a return command (RET) is issued. Execution then continues normally from the return address that was previously pushed onto the stack when the subroutine was originally called. The previously pushed return address is placed into the program counter to allow execution to continue at the correct place after the subroutine has run.
Referring to FIG. 1d, there is illustrated a typical stack overflow attack. If the called subroutine does not properly check the quantity of data being placed on the stack (most often it does not), the data can overwrite the original return address, as indicated by 20. When the return command (RET) is now called, program execution jumps to some location other than the intended location, namely the location given by the “New Return Address.” During a buffer overflow attack, an attacker submits data to the program, which are actually malicious software instructions, with the last piece of data coordinated to overwrite the original return address with a pointer to a location in the stack itself, as indicated by 22. These data are submitted in many ways depending on the particular program and buffer overflow attack. One typical example is on a web page where the user is requested to input data into a form. When the return command (RET) is now called, program execution starts from the instruction the attacker has placed into the stack, e.g. “Instruction 1,” and the attacker now has complete control over the target computer.
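The following added example, which is not part of the original text, models the stack of FIGS. 1c and 1d as a plain byte array and compares an unchecked copy (the strcpy( ) pattern described above) with a bounds-checked copy. The frame layout (a 16-byte input buffer immediately followed by an 8-byte return address), the function names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16        /* space reserved for the subroutine's input */
#define FRAME_SIZE 64        /* size of the simulated stack region (constructed) */
#define RET_OFFSET BUF_SIZE  /* assumed layout: return address directly follows the buffer */

static const uint64_t ORIGINAL_RET = 0x0000000000401000ULL; /* constructed sample value */

/* Models strcpy(): copies every input byte with no check against BUF_SIZE.
   Clamped to FRAME_SIZE only so that the simulation itself stays memory-safe. */
static void copy_unchecked(uint8_t *frame, const uint8_t *in, size_t n) {
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame, in, n);
}

/* Bounds-checked copy: rejects input that does not fit the buffer. Returns 0 on success. */
static int copy_checked(uint8_t *frame, const uint8_t *in, size_t n) {
    if (n > BUF_SIZE) return -1;
    memcpy(frame, in, n);
    return 0;
}

/* Returns 1 if the saved return address survives a copy of n bytes, 0 if it is overwritten. */
int ret_intact_after(int checked, size_t n) {
    uint8_t frame[FRAME_SIZE] = {0};
    uint8_t input[FRAME_SIZE];
    uint64_t ret;
    memset(input, 'A', sizeof input);            /* constructed filler input */
    if (n > sizeof input) n = sizeof input;
    memcpy(frame + RET_OFFSET, &ORIGINAL_RET, sizeof ORIGINAL_RET); /* the "push" of FIG. 1b */
    if (checked) (void)copy_checked(frame, input, n);
    else copy_unchecked(frame, input, n);
    memcpy(&ret, frame + RET_OFFSET, sizeof ret); /* value RET would load */
    return ret == ORIGINAL_RET;
}

int main(void) {
    printf("unchecked, 16 bytes: intact=%d\n", ret_intact_after(0, 16));
    printf("unchecked, 24 bytes: intact=%d\n", ret_intact_after(0, 24));
    printf("checked,   24 bytes: intact=%d\n", ret_intact_after(1, 24));
    return 0;
}
```

Input that fits the buffer leaves the return address untouched in both cases; only the unchecked copy lets longer input reach the return address slot, which is the condition indicated by 20 in FIG. 1d.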